Cyber Resilience

CVE-2025-9142

Severity: High

Published: 14 January 2026
Modified: 15 April 2026
KEV Added: not listed
Patch: see Check Point advisory SK184557
CVSS v3.1 base score: 7.5 (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS score: 0.0001 (2.1st percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-9142 is a high-severity Path Traversal (CWE-22) vulnerability in Checkpoint (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). By exploit likelihood (EPSS) the CVE ranks at the 2.1st percentile, well below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-9142 is a path traversal vulnerability (CWE-22) affecting the Harmony SASE Windows client from Check Point. Published on 2026-01-14, it enables a local user to make the client write or delete files outside the intended certificate working directory. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H): high severity, with a local attack vector, high attack complexity, low privileges required, user interaction required, changed scope, and high impact to confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability by inducing user interaction to manipulate certificate handling, causing the Harmony SASE Windows client to perform unauthorized file writes or deletions beyond its designated working directory. Successful exploitation could allow arbitrary file modification or removal, potentially leading to privilege escalation, data corruption, or denial of service, given the high impact ratings across confidentiality, integrity, and availability with scope change.

Check Point has published advisory SK184557 at https://support.checkpoint.com/results/sk/sk184557, which provides details on the issue and recommended mitigations for the Harmony SASE Windows client.


Vulnerability details

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.

CWE(s)

CWE-22 Path Traversal

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1070.004 File Deletion (Stealth)
Adversaries may delete files left behind by the actions of their intrusion activity.

T1565.001 Stored Data Manipulation (Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

Path traversal enables arbitrary local file writes/deletes, directly facilitating privilege escalation (T1068), file deletion for indicator removal (T1070.004), and stored data manipulation (T1565.001).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7252 (shared CWE-22)
CVE-2026-6855 (shared CWE-22)
CVE-2026-44243 (shared CWE-22)
CVE-2026-3243 (shared CWE-22)
CVE-2026-25059 (shared CWE-22)
CVE-2025-2193 (shared CWE-22)
CVE-2026-25161 (shared CWE-22)
CVE-2026-35214 (shared CWE-22)
CVE-2026-24741 (shared CWE-22)
CVE-2025-25371 (shared CWE-22)

Affected Assets

Checkpoint (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

Prevent: Validates file paths supplied to the Harmony SASE client to block traversal sequences that would allow writes or deletes outside the certificate directory.

Prevent: Enforces authorization checks on all file-system operations performed by the client, preventing unauthorized writes/deletes beyond the intended working directory.

Prevent: Restricts the privileges assigned to the Harmony SASE client process so that even a successful path traversal cannot affect files outside its minimal required scope.
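The first two controls above come down to one check: canonicalise the requested path and refuse it unless it lands inside the working directory. The Python below is an added example written for this record, not Check Point's Harmony SASE client code; the directory layout, the function names (resolve_in_dir, write_certificate, delete_certificate) and the sample certificate file names are assumptions made for illustration. It rejects absolute input, `..` segments and symlinks that point outside the directory, and it applies the same check to deletes as to writes, since this CVE covers both.

```python
"""Confining certificate writes and deletes to one working directory (CWE-22).

Added example for this CVE record; it is not Check Point's Harmony SASE
client code. Directory layout, function names and sample file names are
assumptions made for illustration.
"""
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a requested path would resolve outside the working directory."""


def resolve_in_dir(base_dir: str, requested: str) -> Path:
    """Canonicalise `requested` relative to `base_dir` and confine it there.

    resolve() normalises `..` segments and follows symlinks; the relative_to()
    check afterwards is what enforces the directory boundary.
    """
    base = Path(base_dir).resolve()
    req = Path(requested)
    # Absolute, drive-relative ("C:x") or rooted ("\\x") input is never accepted.
    if req.is_absolute() or req.drive or req.root:
        raise PathTraversalError(f"absolute path not allowed: {requested!r}")
    candidate = (base / req).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PathTraversalError(f"{requested!r} escapes {base}") from None
    if candidate == base:
        raise PathTraversalError("a file name is required, not the directory itself")
    return candidate


def is_confined(base_dir: str, requested: str) -> bool:
    """True if `requested` stays inside `base_dir`, False if it would escape."""
    try:
        resolve_in_dir(base_dir, requested)
        return True
    except PathTraversalError:
        return False


def write_certificate(base_dir: str, name: str, pem: bytes) -> Path:
    """Write certificate material only to a path that passed the boundary check."""
    target = resolve_in_dir(base_dir, name)
    target.parent.mkdir(parents=True, exist_ok=True)  # parent is inside base by construction
    target.write_bytes(pem)
    return target


def delete_certificate(base_dir: str, name: str) -> None:
    """Delete a file only if it is confined to the working directory."""
    resolve_in_dir(base_dir, name).unlink()


def demo() -> dict:
    """Exercise the checks against temporary directories and report the outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as work, tempfile.TemporaryDirectory() as outside:
        # Constructed sample certificate body, not real key material.
        sample_pem = b"-----BEGIN CERTIFICATE-----\n(constructed sample)\n-----END CERTIFICATE-----\n"
        written = write_certificate(work, "client.crt", sample_pem)
        results["write_ok"] = written.read_bytes() == sample_pem
        results["traversal_rejected"] = not is_confined(work, "../../escaped.crt")
        results["absolute_rejected"] = not is_confined(work, str(Path(outside) / "x.crt"))
        # A symlink inside the directory that points outside must also be rejected:
        # resolve() follows it before the boundary check runs.
        try:
            os.symlink(outside, os.path.join(work, "link"))
            results["symlink_escape_rejected"] = not is_confined(work, "link/x.crt")
        except OSError:  # creating symlinks can need extra privileges on Windows
            results["symlink_escape_rejected"] = None
        delete_certificate(work, "client.crt")
        results["delete_ok"] = not written.exists()
    return results


if __name__ == "__main__":
    print(demo())
```

The design point is that the check is made on the canonical path the operating system will actually open, not on the string the caller supplied, so encoded or nested `..` sequences and symlink indirection are all caught by the same relative_to() test. The third control (running the client with minimal privileges) is the backstop for the case where such a check is missing, as it was in the vulnerable client.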

References

Check Point advisory SK184557: https://support.checkpoint.com/results/sk/sk184557